2024 CrowdStrike-related IT outages

Content sourced from Wikipedia, licensed under CC BY-SA 3.0.

In July 2024, a faulty CrowdStrike update caused what researchers called the biggest IT outage in history. A misconfigured file in CrowdStrike’s Falcon Sensor on Windows computers led to mass crashes and boot loops, affecting roughly 8.5 million devices worldwide and shutting down many critical services for hours to days.

What happened
- On July 19, 2024, CrowdStrike released a problematic content update (Channel File 291) for Falcon Sensor. The change introduced an out-of-bounds memory read in the Windows sensor, causing some systems to crash or boot into recovery mode.
- The problem mainly hit Windows 10 and Windows 11 systems running CrowdStrike. Macs and Linux machines were not affected by this particular content file.
- The update could not be delayed by users, and many affected machines had to be repaired manually after the glitch was rolled back.

How it unfolded
- The faulty update went out at 04:09 UTC. Within hours, Windows Azure and Google Cloud Platform began rebooting and crashing on affected devices.
- CrowdStrike rolled back the faulty content at 05:27 UTC. By 09:45 UTC, CrowdStrike confirmed a fix had been deployed and stressed there was no cyberattack involved.
- Because many machines needed local, manual remediation, some outages persisted even after the fix. In organizations using BitLocker, recovering keys added extra delays.

Impact
- Global disruption across many sectors: airlines, airports, banks, hospitals, manufacturers, media, retail, and various government services.
- About 5,078 flights were canceled on July 19, with broader disruption in the following days. Airlines around the world faced grounding and delays; Delta faced a severe multi-day meltdown.
- 911 services, government agency websites, and many enterprise systems experienced outages or degraded performance in several countries.
- Financial markets and banks were affected, with widespread outages to online banking and payments.
- Media outlets, retailers, logistics companies (including Amazon), and many other service providers reported outages or degraded capabilities.

Aftermath and responses
- CrowdStrike reported millions of devices affected and later worked with customers to restore systems. The incident prompted investigations and widespread scrutiny of patch management and the risks of relying on a small number of cybersecurity providers.
- Delta Air Lines filed a $500 million lawsuit against CrowdStrike in October 2024, alleging negligence and other claims. CrowdStrike countersued, and later court actions explored damages and liability limits.
- The outage spurred discussions about redundancy, software supply chain governance, and the need for more diverse, resilient IT ecosystems. Governments and industry groups called for better preparedness and fixes to reduce future single-point failures.

Overall, the 2024 CrowdStrike outage highlighted how a single faulty software update can ripple through global infrastructure, affecting travel, finance, health care, government, and everyday life.